UbuntuUpdates.org

Package "munin"

Name: munin

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • network-wide graphing framework (async master/client)
  • network-wide graphing framework (java plugins for node)

Latest version: 2.0.19-3ubuntu0.3
Release: trusty (14.04)
Level: updates
Repository: universe

Links



Other versions of "munin" in Trusty

Repository Area Version
base main 2.0.19-3
security main 2.0.19-3ubuntu0.3
security universe 2.0.19-3ubuntu0.3
updates main 2.0.19-3ubuntu0.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.0.19-3ubuntu0.3 2017-03-03 16:06:47 UTC

  munin (2.0.19-3ubuntu0.3) trusty-security; urgency=medium

  * SECURITY REGRESSION: log spamming issue (LP: #1669764)
    - master/_bin/munin-cgi-graph.in: use looks_like_number.
    - 6373554b1cc8bee886947cee598e86d1d9ea1e4a

 -- Marc Deslauriers <email address hidden> Fri, 03 Mar 2017 07:21:41 -0500

Source diff to previous version
1669764 security update spams log file

Version: 2.0.19-3ubuntu0.2 2017-03-02 17:07:29 UTC

  munin (2.0.19-3ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: local file write vulnerability
    - master/_bin/munin-cgi-graph.in: avoid expansion in list context.
    - 42ce18f24d3eae8be33526a198bf21e4f2330230
    - 549bd25d6a45e153159ef8535fc070a71093a3c9
    - CVE-2017-6188

 -- Marc Deslauriers <email address hidden> Thu, 02 Mar 2017 07:26:14 -0500

CVE-2017-6188 Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting



About   -   Send Feedback to @ubuntu_updates